stackoom
  简体   繁体   中英

What is safe way to communicate java applet -> MySQL

 原文  2013-02-26 17:42:54       java/ php/ mysql/ login

Question

Im making a small java game which is running on webpages. Now Im trying to get my game to communicate with MySQL db and its now doing it via PHP.

So here is what happens:

  1. There is basic login system which sets session when logged in (PHP).
  2. When the java game is asking data from db it sends POST (URLConnection) to PHP page.
  3. PHP page checks that session is set, if so it echos wanted info from db.
  4. Java game plays with PHP page output.

Working and running like a dream!

Only thing Im worried is that I actually have to change and store more data into db via this same cycle. So if you have your session running you can basicly do nice HTML form and set better weapon for your character.

I tried to google basic ways to communicate with databases and the basic theory how servers work safely. No easy answers.

So shortly my question is,

What is the safe and right way to communicate (read and write) between java app and database?

And for future do the same with android apps etc. Im glad if you just give me a kick to right direction.

Thanking you!

2 answers

solution1
 3 ACCPTED  2013-02-26 17:50:55

There is none. If there is any way a client can issue arbitrary SQL queries directly to the server from the outside, then there's virtually no protection that prevents anyone from doing anything with the database they want, include SELECT * FROM users and DROP TABLE users .

You always want an API between the outside world and your server components which defines clearly allowed actions and blocks anything else. Allowing arbitrary SQL queries is basically an API allowing unrestricted access to everything in the database, which is usually too broad.

The way you usually do this is to define a number of actions that a client can do and expose them via an API, say a REST API. The Java client talks to this API, whatever happens behind the scenes on the server is irrelevant. It's not about "talking to a database", it's about doing certain things on the server . And the number of those things is and should be limited.

solution2
 0  2013-02-26 17:53:34

Take a look at this articles...

What Applets Can and Cannot Do

Security Issues with the Applet

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question java applet freezes browser and way to communicate between javascript and applet Can Flash SWF communicate with Java applet, and vice versa, in any way? What are the alternatives to Java Applet for mobile platform browsers? Is obfuscated Javascript safe? What is the efficient way in writing a java card applet? What is the proper way to handle the closing of a java applet? What is the best way for Adobe flex to communicate with Java? What is the most efficient way to communicate with R (R Project), MySQL, and Java on a LAMP system? How to securely communicate with a database using a java applet Java applet communicate with servlet on tomcat server Java Applet with Mysql ExceptionInInitializerError
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM